This listing of claims will replace all prior versions, and listings, of claims 
in the application. 

Listing of Claims: 

Claim 1 (Currently amended): A kernel-level transaction system, 
comprising: 

a memory; 

one or more processors operatively coupled to the memory; 

plural kernel objects to implement a transaction having plural operations; 

and 

a security descriptor, applied to at least one of the kernel objects, to identify 
at least one user, to identify one of the operations of the transaction that may be 
performed on the kernel object to which the security descriptor is applied, and to 
identify a right indicating that the identified user is permitted or prohibited to 
perform the operation. 

Claim 2 (Original): A system according to claim 1, wherein the plural 
kernel objects include: 

a transaction object to represent a transaction; 

a resource manager object to represent a resource participating in the 
transaction; and 

an enlistment object to enlist participants in the transaction. 



Claim 3 (Original): A system according to claim 1, wherein the security 
descriptor comprises at least one access control entry (ACE), which includes a 
security identifier (SID) and rights corresponding to the SID. 

Claim 4 (Original): A system according to claim 2, wherein the security 
descriptor is applied to the transaction object, and the operation identified by the 
security descriptor includes at least one of: 

set information regarding the transaction object, 

enlist the transaction object in the transaction, 

render data updates in connection with the transaction object durable, 

abort the operation on the transaction object, 

transmit data from the transaction object to another object, 

the current point of the transaction at the transaction object, and 

transmit data regarding the transaction to another device. 

Claim 5 (Original): A system according to claim 2, wherein the security 
descriptor is applied to the resource manager object, and the operation identified 
by the security descriptor includes at least one of: 

retrieve information regarding the resource manager object, 

set information regarding the resource manager object, 

determine the state of a transaction at a moment of transaction failure, 

enlist the resource manager object in a transaction, 

register the resource manager object in the transaction, 

receive notification upon resolution of a transaction at the resource manager 
object, and 

set resource data in accordance with the transaction resolution.

Claim 6 (Original): A system according to claim 2, wherein the security 
descriptor is applied to the enlistment object, and the operation identified by the 
security descriptor includes at least one of: 

get information regarding the enlistment object, 

set information regarding the enlistment object, 

determine a state of enlistments at a moment of transaction failure,

obtain and reference an enlistment key, 

rollback the transaction and to respond to notifications, and 

perform operations a superior transaction manager would perform. 

Claim 7 (Original): A method of implementing a kernel-level transaction, 
comprising: 

attaching a security descriptor to at least one of plural kernel objects utilized 
in a transaction; and 

performing an operation for a transaction on the at least one kernel object in 
accordance with the rights accorded by the security descriptor attached to the at 
least one kernel object. 



Claim 8 (Original): A method according to claim 7, wherein the security 
descriptor includes identification for at least one user, an operation that is able to 
be performed on the at least one kernel object to which the security descriptor is 
attached, and a right indicating that the identified user is permitted or prohibited to 
perform the operation. 

Claim 9 (Original): A method according to claim 8, wherein the at least
one kernel object is a transaction object. 

Claim 10 (Original): A method according to claim 8, wherein the at
least one kernel object is a resource manager object.

Claim 11 (Original): A method according to claim 8, wherein the at
least one kernel object is an enlistment object.

Claim 12 (Original): A method according to claim 9, wherein the 
operation identified by the security descriptor attached to the transaction object 
includes at least one of: 

set information regarding the transaction object, 

enlist the transaction object in the transaction, 

render data updates in connection with the transaction object durable, 

abort the operation on the transaction object, 

transmit data from the transaction object to another object, 

save the current point of the transaction at the transaction object, and 

transmit data regarding the transaction to another device. 

Claim 13 (Original): A method according to claim 10, wherein the
operation identified by the security descriptor attached to the resource manager
object includes at least one of: 

retrieve information regarding the resource manager object, 
set information regarding the resource manager object,
determine the state of a transaction at a moment of transaction failure, 
enlist the resource manager object in a transaction, 
register the resource manager object in the transaction, 
receive notification upon resolution of a transaction at the resource manager 
object, and 

set resource data in accordance with the transaction resolution. 

Claim 14 (Original): A method according to claim 11, wherein the
operation identified by the security descriptor includes at least one of:
get information regarding the enlistment object, 
set information regarding the enlistment object, 
determine a state of enlistments at a moment of transaction failure, 
obtain and reference an enlistment key, 
rollback the transaction and to respond to notifications, and 
perform operations a superior transaction manager would perform. 

Claim 15 (Original): A computer-readable medium having stored
thereon an object attached to a kernel object, the object comprising:
a first data entry identifying at least one user; 

a second data entry identifying an operation capable of being performed on 
the kernel object by the user identified by the first data entry; and 

a third data entry indicating a right for the user identified by the first data 
entry to perform the operation identified by the second data entry. 

Claim 16 (Original): A computer-readable medium according to
claim 15, wherein the kernel object is a transaction object, and the identified 
operation includes at least one of: 

set information regarding the transaction object, 

enlist the transaction object in the transaction, 

render data updates in connection with the transaction object durable, 

abort the operation on the transaction object, 

transmit data from the transaction object to another object, 

save the current point of the transaction at the transaction object, and 

transmit data regarding the transaction to another device. 

Claim 17 (Original): A computer-readable medium according to 
claim 15, wherein the kernel object is a resource manager object, and the identified 
operation includes at least one of: 

retrieve information regarding the resource manager object, 

set information regarding the resource manager object, 

determine the state of a transaction at a moment of transaction failure, 

enlist the resource manager object in a transaction, 

register the resource manager object in the transaction, 

receive notification upon resolution of a transaction at the resource manager 
object, and 

set resource data in accordance with the transaction resolution. 

Claim 18 (Original): A computer-readable medium according to
claim 15, wherein the kernel object is an enlistment object, and the identified 
operation includes at least one of: 

get information regarding the enlistment object, 

set information regarding the enlistment object, 

determine a state of enlistments at a moment of transaction failure, 

obtain and reference an enlistment key, 

rollback the transaction and to respond to notifications, and 

perform operations a superior transaction manager would perform. 

Claim 19 (Currently amended): A transaction method, comprising: 

implementing a transaction among kernel objects; and 

securing the transaction utilizing The Microsoft.RTM. Windows.RTM. an
operating system security model that applies a security descriptor to at least one of
the kernel objects participating in the transaction.



Claim 20 (Currently amended): A transaction method according to 

model includes applying a security descriptor to at least one of the kernel objects
participating in the transaction, and wherein the security descriptor identifies at 
least one user, an operation to be performed on the at least one kernel object to 
which the security descriptor is applied, and a right indicating that the identified 
user is permitted or prohibited to perform the operation. 

Claim 21 (Original): A method of implementing a transaction,
comprising:

attaching a security descriptor to at least one of plural objects utilized in a 
transaction; and 

performing an operation for a transaction on the at least one object in 
accordance with the rights accorded by the security descriptor attached to the at 
least one object. 

Claim 22 (Original): A method according to claim 21, wherein the
security descriptor includes identification for at least one user, an operation to be
performed on the at least one object to which the security descriptor is attached, 
and a right indicating that the identified user is permitted or prohibited to perform 
the operation. 

Claim 23 (Original): A method according to claim 22, wherein the at
least one object is a transaction object.

Claim 24 (Original): A method according to claim 22, wherein the at 
least one object is a resource manager object. 

Claim 25 (Original): A method according to claim 22, wherein the at
least one object is an enlistment object.

Claim 26 (Original): A method according to claim 23, wherein the
operation identified by the security descriptor attached to the transaction object
includes at least one of: 

set information regarding the transaction object, 

enlist the transaction object in the transaction, 

render data updates in connection with the transaction object durable, 

abort the operation on the transaction object, 

transmit data from the transaction object to another object, 

save the current point of the transaction at the transaction object, and 

transmit data regarding the transaction to another device. 

Claim 27 (Original): A method according to claim 24, wherein the 
operation identified by the security descriptor attached to the resource manager 
object includes at least one of: 

retrieve information regarding the resource manager object, 

set information regarding the resource manager object, 

determine the state of a transaction at a moment of transaction failure, 

enlist the resource manager object in a transaction, 

register the resource manager object in the transaction, 

receive notification upon resolution of a transaction at the resource manager 
object, and 

set resource data in accordance with the transaction resolution. 

Claim 28 (Original): A method according to claim 25, wherein the
operation identified by the security descriptor includes at least one of:

get information regarding the enlistment object,

set information regarding the enlistment object, 

determine a state of enlistments at a moment of transaction failure, 

obtain and reference an enlistment key, 

rollback the transaction and to respond to notifications, and 

perform operations a superior transaction manager would perform. 

Claim 29 (Currently amended): A kernel-level transaction system, 
comprising: 

a memory; 

one or more processors operatively coupled to the memory; 

means for implementing a transaction among kernel objects; and 

means for securing the transaction by applying a security descriptor to at 
least one of the kernel objects, 

wherein the security descriptor identifies at least one user, an operation to 
be performed on the kernel object to which the security descriptor is applied, and a 
right indicating that the identified user is permitted or prohibited to perform the 
operation. 

Claim 30 (Original): A system according to claim 29, wherein the
kernel objects include:

a transaction object to represent a transaction; 

a resource manager object to represent a resource participating in the 
transaction; and 

an enlistment object to enlist participants in the transaction. 

Claim 31 (Original): A system according to claim 30, wherein the
security descriptor is applied to the transaction object, and the operation identified
by the security descriptor includes at least one of: 

set information regarding the transaction object, 

enlist the transaction object in the transaction, 

render data updates in connection with the transaction object durable, 

abort the operation on the transaction object, 

transmit data from the transaction object to another object, 

save the current point of the transaction at the transaction object, and 

transmit data regarding the transaction to another device. 

Claim 32 (Original): A system according to claim 30, wherein the 
security descriptor is applied to the resource manager object, and the operation 
identified by the security descriptor includes at least one of: 

retrieve information regarding the resource manager object, 

set information regarding the resource manager object, 

determine the state of a transaction at a moment of transaction failure, 

enlist the resource manager object in a transaction, 

register the resource manager object in the transaction, 

receive notification upon resolution of a transaction at the resource manager 
object, and 

set resource data in accordance with the transaction resolution. 

Claim 33 (Original): A system according to claim 30, wherein the
security descriptor is applied to the enlistment object, and the operation identified
by the security descriptor includes at least one of: 

get information regarding the enlistment object, 

set information regarding the enlistment object, and 

determine a state of enlistments at a moment of transaction failure. 






